Update docs deps to address cves (#2080)

Related-to: https://github.com/woodpecker-ci/woodpecker/pull/2078 Remaining CVEs: ``` ❯ trivy fs --exit-code 1 --skip-dirs node_modules/,plugins/woodpecker-plugins/node_modules/ docs/ 2023-08-01T10:02:36.911+0200 INFO Vulnerability scanning is enabled 2023-08-01T10:02:36.911+0200 INFO Secret scanning is enabled 2023-08-01T10:02:36.911+0200 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning 2023-08-01T10:02:36.911+0200 INFO Please see also https://aquasecurity.github.io/trivy/v0.43/docs/scanner/secret/#recommendation for faster secret detection 2023-08-01T10:02:36.963+0200 INFO Number of language-specific files: 1 2023-08-01T10:02:36.963+0200 INFO Detecting pnpm vulnerabilities... pnpm-lock.yaml (pnpm) Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0) ┌─────────┬────────────────┬──────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├─────────┼────────────────┼──────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ got │ CVE-2022-33987 │ MEDIUM │ 9.6.0 │ 11.8.5, 12.1.0 │ missing verification of requested URLs allows redirects to │ │ │ │ │ │ │ UNIX sockets │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-33987 │ ├─────────┼────────────────┼──────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ trim │ CVE-2020-7753 │ HIGH │ 0.0.1 │ 0.0.3 │ nodejs-trim: Regular Expression Denial of Service (ReDoS) in │ │ │ │ │ │ │ trim function │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-7753 │ └─────────┴────────────────┴──────────┴───────────────────┴────────────────┴──────────────────────────────────────────────────────────────┘ ``` - `trim` is pulled in by `@docusaurus/theme-classic` and can be ignored due to https://github.com/facebook/docusaurus/issues/7275#issuecomment-1113997259 - `got` can be ignored as well, see `trim`
2024-12-20 15:36:30 +00:00 · 2023-08-01 13:30:44 +02:00 · 2023-08-01 13:30:44 +02:00 · e1a273d25d
commit e1a273d25d
parent 9f987155f3
3 changed files with 2524 additions and 2349 deletions
--- a/docs/package.json
+++ b/docs/package.json
@ -14,8 +14,8 @@
    "write-heading-ids": "docusaurus write-heading-ids"
  },
  "dependencies": {
-    "@docusaurus/core": "^2.4.0",
-    "@docusaurus/preset-classic": "^2.4.0",
+    "@docusaurus/core": "^2.4.1",
+    "@docusaurus/preset-classic": "^2.4.1",
    "@easyops-cn/docusaurus-search-local": "^0.35.0",
    "@mdx-js/react": "^1.6.22",
    "@svgr/webpack": "^6.5.1",
@ -25,7 +25,7 @@
    "prism-react-renderer": "^1.3.5",
    "react": "^17.0.2",
    "react-dom": "^17.0.2",
-    "redocusaurus": "^1.6.2",
+    "redocusaurus": "^1.6.3",
    "url-loader": "^4.1.1"
  },
  "browserslist": {
@ -41,11 +41,17 @@
    ]
  },
  "devDependencies": {
-    "@docusaurus/module-type-aliases": "^2.4.0",
+    "@docusaurus/module-type-aliases": "^2.4.1",
    "@tsconfig/docusaurus": "^1.0.7",
-    "@types/react": "^18.0.32",
+    "@types/react": "^18.2.18",
    "@types/react-helmet": "^6.1.6",
    "@types/react-router-dom": "^5.3.3",
    "typescript": "^4.9.5"
+  },
+  "pnpm": {
+    "overrides": {
+      "trim": "^0.0.3",
+      "got": "^11.8.5"
+    }
  }
 }
--- a/docs/plugins/woodpecker-plugins/package.json
+++ b/docs/plugins/woodpecker-plugins/package.json
@ -10,16 +10,16 @@
    "style": "mkdir -p dist/theme/ && cp src/theme/style.css dist/theme/style.css"
  },
  "devDependencies": {
-    "@docusaurus/module-type-aliases": "^2.4.0",
-    "@docusaurus/theme-classic": "^2.4.0",
-    "@docusaurus/types": "^2.4.0",
+    "@docusaurus/module-type-aliases": "^2.4.1",
+    "@docusaurus/theme-classic": "^2.4.1",
+    "@docusaurus/types": "^2.4.1",
    "@tsconfig/docusaurus": "^1.0.7",
-    "@types/marked": "^4.0.7",
-    "@types/node": "^18.11.2",
+    "@types/marked": "^4.3.1",
+    "@types/node": "^18.17.1",
    "axios": "^0.27.2",
    "concurrently": "^7.6.0",
    "marked": "^4.3.0",
-    "tslib": "^2.5.0",
+    "tslib": "^2.6.1",
    "typescript": "^4.9.5"
  },
  "peerDependencies": {
@ -28,6 +28,6 @@
  },
  "dependencies": {
    "fuse.js": "^6.6.2",
-    "yaml": "^2.2.1"
+    "yaml": "^2.3.1"
  }
 }
--- a/docs/pnpm-lock.yaml
+++ b/docs/pnpm-lock.yaml